SoylentNews is people
SoylentNews
from the start-the-source-review-in-3....2....1..... dept.
EFF's "Let's Encrypt" Enters Public Beta
As of today, invitations are no longer needed to get a free certificated signed by the EFF's Let's Encrypt CA.
The user guide explains several options for the process, ranging from automatically setting up SSL for Apache or Nginx (support for Nginx is still experimental), to a manual process for those who would rather not run the installer as root.
Let's Encrypt CA issues short lived certificates (90 days), which shouldn't be a problem with a sufficiently automated renewal process. It looks like wildcard certificates won't be issued anytime soon (if at all), but you can get certificates that are good for multiple subdomains.
"Let's Encrypt" Project Enters Public Beta
The Electronic Frontier Foundation and Mozilla-backed Let's Encrypt certificate authority has now entered Public Beta:
So if you run a server, and need certificates to deploy HTTPS, you can run the beta client and get one right now. If you have any questions, you can get answers on community.letsencrypt.org.
We've still got a lot to do. This launch is a Public Beta to indicate that, as much as today's release makes setting up HTTPS easier, we still want to make a lot more improvements towards our ideal of fully automated server setup and renewal. Our roadmap includes may features including options for complete automation of certificate renewal, support for automatic configuration of more kinds of servers (such as Nginx, postfix, exim, or dovecot), and tools to help guide users through the configuration of important Web security features such as HSTS, upgrade-insecure-requests, and OCSP Stapling. And of course, if you have some Python coding knowledge, you can come and help us reach those objectives.
A fully encrypted Web is within reach. Let's Encrypt is going to help us get there.
The Register reports:
The certification-issuing service is run by the California-based Internet Security Research Group (ISRG), and is in public beta after running a trial among a select group of volunteers. The public beta went live at 1800 GMT (1000 PT) today.
Its certificates are trusted by all major browsers – Google Chrome, Mozilla Firefox and Microsoft's Internet Explorer worked in our office with fresh certs from the fledgling certificate authority.
Incredibly, it is almost too easy to use. You download an open-source client to your web server, and then one command will request and install a certificate, and configure your system to use it. And that's it.
[...] Full documentation is here and a quick start guide is here.
(Score: 2, Insightful) by Anonymous Coward on Thursday December 03 2015, @11:50PM
> Great, now I can trust these random people with my secure data instead trusting random people with my secure data!
This project is not about securing data. Nobody should expect that.
It is about frustrating the NSA and their fellow travelers -- the idea is to get as much network traffic encrypted as possible. Previously they've operated with the goal of "sniff it all, collect it all, know it all, process it all, exploit it all." [commondreams.org] This initiative is intended to make that first step much less practical for them while being cheap to implement for everybody else.
It won't be a panacea, far from it. The NSA has surely been working on countermeasures and they literally have billions to throw at the problem But the status quo has to change and this is one part of that change.